diff options
author | Ronald S. Bultje <rsbultje@gmail.com> | 2012-02-09 22:57:01 -0800 |
---|---|---|
committer | Ronald S. Bultje <rsbultje@gmail.com> | 2012-02-09 22:57:01 -0800 |
commit | 45b7bd7c53b41bc5ff6fc2158831f2b1b1256113 (patch) | |
tree | 51923d7569c3c823380fcca869fa8361055dcc3e /libavcodec/h264_cavlc.c | |
parent | 81749f30cd84b35f774d7d1bbe6bf3f96e2362c8 (diff) | |
download | ffmpeg-45b7bd7c53b41bc5ff6fc2158831f2b1b1256113.tar.gz |
h264: disallow constrained intra prediction modes for luma.
Conversion of the luma intra prediction mode to one of the constrained
("alzheimer") ones can happen by crafting special bitstreams, causing
a crash because we'll call a NULL function pointer for 16x16 block intra
prediction, since constrained intra prediction functions are only
implemented for chroma (8x8 blocks).
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
CC: libav-stable@libav.org
Diffstat (limited to 'libavcodec/h264_cavlc.c')
-rw-r--r-- | libavcodec/h264_cavlc.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/libavcodec/h264_cavlc.c b/libavcodec/h264_cavlc.c index fdb7ab5709..a5b6403446 100644 --- a/libavcodec/h264_cavlc.c +++ b/libavcodec/h264_cavlc.c @@ -822,12 +822,12 @@ decode_intra_mb: if( ff_h264_check_intra4x4_pred_mode(h) < 0) return -1; }else{ - h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode(h, h->intra16x16_pred_mode); + h->intra16x16_pred_mode= ff_h264_check_intra_pred_mode(h, h->intra16x16_pred_mode, 0); if(h->intra16x16_pred_mode < 0) return -1; } if(decode_chroma){ - pred_mode= ff_h264_check_intra_pred_mode(h, get_ue_golomb_31(&s->gb)); + pred_mode= ff_h264_check_intra_pred_mode(h, get_ue_golomb_31(&s->gb), 1); if(pred_mode < 0) return -1; h->chroma_pred_mode= pred_mode; |